Monday, September 8, 2008
Configuring svn, trac, SSL under Ubuntu
I’ve been working on setting up subversion, with trac and SSL - currently for evaluation purposes.
I’m not a developer at all, and although I respect that you can build everything from src, I prefer not to.
Normally CentOS is the Linux distribution I use, but frankly, it’s a hell of a hassle getting the dependencies sorted - quicksilver et al. I do have something running under it, but I’m not especially happy with it. I may return to look at it again later.
So, instead I’ve taken a quick look at Ubuntu 8.04 for it - server not desktop edition, so no GUI. In general, the installation and configuration process for this leaves something to be desired. The following *appears* to get it working for me. I’m not claiming it to be optimal or even “correct”. I’m also not looking at configuration of trac and subversion, just getting them installed and available.
The webserver itself (for my purposes) will also require php support, so going to add a bunch more packages for that.
I wish to use SSL to support https.
I’m going to place both subversion repositories and trac pages on a separate disk under a /subversion mount.
/subversion/repos - subversion
/subversion/trac - trac
Subversion repositories will be available as
https://localhost/svnrepos/
Trac as
https://localhost/trac/
Trac has anonymous browsing enabled, with authentication required for the login option. Subversion should require login anyway - yes, there’s no point requiring login in subversion if you allow anonymous access to the “browse source” option in trac - this is a test setup. It’s easy to modify the necessary apache directives to require authentication for all of trac.
Standard http pages may still be served out of the default
Firewall enabled, and SSH, http/https only allowed
    # Firewall - I like to work with firewalls on at the start/at all times:
    sudo ufw enable
    sudo ufw allow 22/tcp
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp
    # check it
    sudo ufw status

    # get some packages
    sudo apt-get install subversion libapache2-svn apache2 python2.4-pysqlite2 python-clearsilver python-subversion

    # get trac and install it
    wget http://ftp.edgewall.com/pub/trac/trac-0.10.4.tar.gz
    tar -xzf trac-0.10.4.tar.gz
    cd trac-0.10.4
    sudo python setup.py install

    # get some more php related packages
    sudo apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl

    # Ensure relevant modules are loaded
    sudo a2enmod ssl
    sudo a2enmod php5

    # Bounce apache after any changes
    sudo /etc/init.d/apache2 restart
    # I like to test that pages are being served, and .php is supported at this point

    # Deal with SSL.
    sudo mkdir /etc/apache2/ssl
    sudo apt-get install ssl-cert
    sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
    # follow the text based wizard
As I want access to be via https only for trac and the repositories, ie /svnrepos and /trac, amend /etc/apache2/sites-available/default as follows (following the end of the default VirtualHost directives) :
    NameVirtualHost *:443
    <VirtualHost *:443>
        SSLEngine on
        SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        SSLCertificateFile /etc/apache2/ssl/apache.pem
        SSLProtocol all
        SSLCipherSuite HIGH:MEDIUM

        ScriptAlias /trac /usr/share/trac/cgi-bin/trac.cgi
        <Location "/trac">
            SetEnv TRAC_ENV_PARENT_DIR "/subversion/trac"
        </Location>
        <LocationMatch "/trac/[^/]+/login">
            AuthType Basic
            AuthName "Trac"
            AuthUserFile /etc/svn-auth-conf2
            Require valid-user
        </LocationMatch>

        <Location /svnrepos>
            DAV svn
            SVNParentPath /subversion/repos
            AuthType Basic
            AuthName "Subversion"
            AuthUserFile /etc/svn-auth-conf2
            Require valid-user
        </Location>
    </VirtualHost>

    # /etc/svn-auth-conf2 is the file storing passwords, created with:
    sudo htpasswd -c -m /etc/svn-auth-conf2 username
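A tightened variant of the HTTPS virtual host above, added here as an example and not part of the original post: it requires a login for all of Trac (the change the post says is easy to make), removes SSLv2/SSLv3 and anonymous cipher suites, and redirects plain-http requests for the two protected paths. The Redirect lines, SSLRequireSSL and the protocol/cipher choices are assumptions of this example; the paths, realm names and password file are the post's own.

```apache
# Added example, not the post's configuration.

# These two lines go inside the existing plain-http <VirtualHost> block
# of sites-available/default (mod_alias), not at top level:
Redirect permanent /trac     https://localhost/trac
Redirect permanent /svnrepos https://localhost/svnrepos

NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.pem

    # The post uses "SSLProtocol all", which on an Apache 2.2 build
    # still offers SSLv2 and SSLv3. Both are removed here.
    SSLProtocol all -SSLv2 -SSLv3
    # The post uses "HIGH:MEDIUM". Drop the MEDIUM group and exclude
    # unauthenticated (aNULL) and MD5-based suites.
    SSLCipherSuite HIGH:!aNULL:!MD5
    # FakeBasicAuth and ExportCertData only matter with client
    # certificates, which this setup does not use; StrictRequire stays
    # so that SSLRequireSSL below cannot be bypassed by "Satisfy any".
    SSLOptions +StrictRequire

    ScriptAlias /trac /usr/share/trac/cgi-bin/trac.cgi
    # Authentication on the whole of /trac instead of only .../login,
    # so "browse source" no longer exposes the repository anonymously.
    <Location "/trac">
        SetEnv TRAC_ENV_PARENT_DIR "/subversion/trac"
        SSLRequireSSL
        AuthType Basic
        AuthName "Trac"
        AuthUserFile /etc/svn-auth-conf2
        Require valid-user
    </Location>

    <Location /svnrepos>
        DAV svn
        SVNParentPath /subversion/repos
        SSLRequireSSL
        AuthType Basic
        AuthName "Subversion"
        AuthUserFile /etc/svn-auth-conf2
        Require valid-user
    </Location>
</VirtualHost>
```

Because the configuration has no SSLCertificateKeyFile, apache.pem also holds the private key, so it should be readable by root only, and /etc/svn-auth-conf2 by root and the Apache user only. `sudo apache2ctl configtest` checks the syntax before the restart.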
I’m doing all my testing under VMware ESXi, so adding a 2nd disk is easier from a resources perspective. See my principles post for my reasons on a 2nd disk - separate system from data. This 2nd disk will appear as a SCSI disk - in my case /dev/sdb.
Use fdisk to create a partition - again, just accepting the defaults, which gives /dev/sdb1 as the partition - and format it as ext3.

    # Create mount point - /subversion and my directories /subversion/repos and /subversion/trac
    sudo mkdir /subversion
    sudo mkdir /subversion/trac /subversion/repos
    # Add entry to /etc/fstab to mount on reboot.

    # I create my svn repository in /subversion/repos with :
    sudo svnadmin create repositoryname
    # I set permissions
    sudo chown -R www-data:www-data repositoryname

    # I create the trac layout with :
    sudo trac-admin repositoryname initenv
    # And answer the questions posed
    # I set permissions with
    sudo chown -R www-data:www-data repositoryname